Mobile Privacy and Security Takes Two Steps Forward, One Step Back: 2014 in Review
EFF started the year by releasing HTTPS Everywhere on Firefox for Android. Before, HTTPS Everywhere could only protect web browsing on desktop platforms, but with the release of HTTPS Everywhere for Firefox for Android, that same protection became available for Android devices as well.
June saw what was perhaps the biggest victory for smartphone privacy all year. Following several similar rulings earlier in the year by various state courts, the U.S. Supreme Court ruled that police must obtain a warrant in order to search a suspect’s cellphone. While the importance of this victory cannot be overstated, there were still more victories to come.
For example, June also saw Apple announce that it would limit the ability of third-parties to physically track iPhones and iPads by randomizing MAC addresses.1 And in July, an EFF investigation showed that Android devices were announcing to the world which Wi-Fi networks they’d connected to in the past, giving anyone listening in a history of where the device’s owner had been. What at first appeared to be a setback turned into a victory, though, when a Google employee submitted a patch that fixed the bug.
Another step forward came in September, when Apple announced that future iOS devices would feature disk-encryption enabled by default. (Google made a similar announcement for Android shortly afterwards.) This led to a predictable demand from law enforcement for encryption backdoors, which we explained would be a terrible, horrible, very bad idea.
Unfortunately, 2014 also saw some setbacks.
September saw Google ban the privacy and security app Disconnect Mobile from the Play Store. Disconnect Mobile is designed to block non-consensual third-party tracking, much like EFF’s own Privacy Badger. Unfortunately non-consensual third-party tracking is used by a large fraction of mobile advertisers, a demographic Google appears to care for more than its users.
Perhaps the biggest setback of the year came in November, when security researchers showed how Verizon and AT&T were injecting uniquely identifying headers (effectively perma-cookies) into their customers’ traffic. While the public outcry led AT&T to stop, Verizon refused to do so.
Despite these setbacks, progress on mobile privacy was primarily positive in 2014, in terms of both how the law treats mobile devices, and in terms of privacy-enhancing mobile technologies.
There’s still plenty left to do in the coming year, though. EFF attorneys worked throughout 2014 to convince the courts that police should have to get a warrant before demanding cellphone location records, and those cases will continue in 2015. We also intend to keep up the pressure on Verizon about its perma-cookie program. With your help, we can ensure that 2015 has just as many victories for mobile privacy as 2014.
This article is part of our Year In Review series; read other articles about the fight for digital rights in 2014. Like what you're reading? EFF is a member-supported nonprofit, powered by donations from individuals around the world. Join us today and defend free speech, privacy, and innovation.
- 1. While there has been some concern about the actual implementation, it’s at least a step in the right direction.